DNS delegation on Linux Bind vs Windows DNS failing
Mattias Segerdahl
mattias.segerdahl at se.fujitsu.com
Fri Oct 17 07:25:48 UTC 2008
Good morning,
I have a slight problem with a DNS delegation that just won't work on
Linux Bind.
I have testdomain.com configured on a Windows DNS server as the master
and the same zone on a slave Linux Bind.
Windows/Linux zone configuration (zone.testdomain.com on master
sdns01-01.testdomain.com (Windows) and sdns02-01.testdomain.com (Linux
Bind))
===========================================================================
sdns01-01.testdomain.com. IN A 127.0.0.1
sdns02-01.testdomain.com. IN A 127.0.0.2
ddns01-01.testdomain.com. IN A 127.0.1.1
ddns01-02.testdomain.com. IN A 127.0.1.2
ddns01-03.testdomain.com. IN A 127.0.1.3
$ORIGIN .
testdomain.com SOA sdns01-01.testdomain.com. hostmaster.testdomain.com. (
                2831352510 ; serial
                7200 ; refresh (2 hours)
                3600 ; retry (1 hour)
                1209600 ; expire (2 weeks)
                3600 ; minimum (1 hour)
                )
        NS sdns01-01.testdomain.com.
        NS sdns02-01.testdomain.com.
$ORIGIN testdomain.com.
test NS ddns01-01.testdomain.com.
test NS ddns01-02.testdomain.com.
test NS ddns01-03.testdomain.com.
===========================================================================
On ddns01-01/ddns01-02/ddns01-03 I have Sun Solaris Bind with the
following configuration :
===========================================================================
$ORIGIN .
$TTL 604800 ; 1 week
testdomain.com IN SOA testdomain.com. root.testdomain.com. (
                6818 ; serial
                604800 ; refresh (1 week)
                86400 ; retry (1 day)
                2419200 ; expire (4 weeks)
                604800 ; minimum (1 week)
                )
        NS ddns01-01.testdomain.com.
        NS ddns01-02.testdomain.com.
        NS ddns01-03.testdomain.com.
$ORIGIN testdomain.com.
$TTL 1 ; 1 second
test A 127.0.2.1
     A 127.0.2.2
     A 127.0.2.3
===========================================================================
dig ns testdomain.com @127.0.0.1
===========================================================================
; <<>> DiG 9.2.4 <<>> ns testdomain.com @127.0.0.1
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3018
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 6
;; QUESTION SECTION:
;testdomain.com. IN NS
;; ANSWER SECTION:
testdomain.com. 3600 IN NS sdns01-01.testdomain.com.
testdomain.com. 3600 IN NS sdns02-01.testdomain.com.
;; ADDITIONAL SECTION:
sdns01-01.testdomain.com. 900 IN A 127.0.0.1
sdns02-01.testdomain.com. 900 IN A 127.0.0.2
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 17 09:12:16 2008
;; MSG SIZE rcvd: 279
===========================================================================
dig ns testdomain.com @127.0.0.2
===========================================================================
; <<>> DiG 9.2.4 <<>> ns testdomain.com @127.0.0.2
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3018
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 6
;; QUESTION SECTION:
;testdomain.com. IN NS
;; ANSWER SECTION:
testdomain.com. 3600 IN NS sdns01-01.testdomain.com.
testdomain.com. 3600 IN NS sdns02-01.testdomain.com.
;; ADDITIONAL SECTION:
sdns01-01.testdomain.com. 900 IN A 127.0.0.1
sdns02-01.testdomain.com. 900 IN A 127.0.0.2
;; Query time: 4 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Fri Oct 17 09:12:16 2008
;; MSG SIZE rcvd: 279
===========================================================================
The domain server responds properly for the NS on the TLD.
But here comes the problem, while it does give out the correct DNS
delegation on the Windows server, it doesn't on the bind (remember,
127.0.0.2 is Linux Bind)
dig ns test.testdomain.com @127.0.0.1
===========================================================================
; <<>> DiG 9.2.4 <<>> ns test.testdomain.com @127.0.0.1
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2850
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; QUESTION SECTION:
;test.testdomain.com. IN NS
;; ANSWER SECTION:
test.testdomain.com. 3600 IN NS ddns01-02.testdomain.com.
test.testdomain.com. 3600 IN NS ddns01-03.testdomain.com.
test.testdomain.com. 3600 IN NS ddns01-01.testdomain.com.
;; ADDITIONAL SECTION:
ddns01-02.testdomain.com. 900 IN A 127.0.1.2
ddns01-03.testdomain.com. 900 IN A 127.0.1.3
ddns01-01.testdomain.com. 900 IN A 127.0.1.1
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 17 09:15:09 2008
;; MSG SIZE rcvd: 164
===========================================================================
dig ns test.testdomain.com @127.0.0.2
===========================================================================
; <<>> DiG 9.2.4 <<>> ns test.testdomain.com @127.0.0.2
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3797
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;test.testdomain.com. IN NS
;; Query time: 2134 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Fri Oct 17 09:15:57 2008
;; MSG SIZE rcvd: 35
===========================================================================
Here the Linux Bind server fails to tell me which DNS servers are
configured for test.testdomain.com while Windows does.
I can continue doing dig to get the correct answers on the Windows DNS:
dig test.testdomain.com @127.0.0.1
===========================================================================
; <<>> DiG 9.2.4 <<>> a test.testdomain.com @127.0.0.1
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55435
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;test.testdomain.com. IN A
;; ANSWER SECTION:
test.testdomain.com. 1 IN A 127.0.2.1
test.testdomain.com. 1 IN A 127.0.2.2
test.testdomain.com. 1 IN A 127.0.2.3
;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 17 09:19:35 2008
;; MSG SIZE rcvd: 51
===========================================================================
But not on the Linux Bind server:
dig test.testdomain.com @127.0.0.2
===========================================================================
; <<>> DiG 9.2.4 <<>> a test.testdomain.com @127.0.0.2
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43330
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;test.testdomain.com. IN A
;; Query time: 2133 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Fri Oct 17 09:20:36 2008
;; MSG SIZE rcvd: 35
===========================================================================
Can anyone tell me what I am doing wrong, or if this isn't possible on
Bind?
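
Added example, not part of the original post: a small Python check that parses dig output from several servers asked the same question and reports where their response codes diverge and where an NXDOMAIN arrives without the aa flag. The function names and finding labels are assumptions made for this illustration; the sample input is the header lines trimmed from the two "dig ns test.testdomain.com" outputs above.

```python
import re

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r"flags:\s*([a-z ]*);\s*QUERY:\s*\d+,\s*ANSWER:\s*(\d+)")
SERVER_RE = re.compile(r"SERVER:\s*([0-9A-Fa-f.:]+)#")
QUESTION_RE = re.compile(r"^;(\S+)\s+IN\s+(\w+)", re.M)

def parse_dig(text):
    """Pull rcode, header flags, question and server out of one dig output."""
    flags = FLAGS_RE.search(text)
    question = QUESTION_RE.search(text)
    return {
        "server": SERVER_RE.search(text).group(1),
        "question": (question.group(1).lower(), question.group(2)),
        "status": STATUS_RE.search(text).group(1),
        "flags": set(flags.group(1).split()),
        "answers": int(flags.group(2)),
    }

def compare(responses):
    """List disagreements between servers that were asked the same question."""
    findings, by_question = [], {}
    for r in responses:
        by_question.setdefault(r["question"], []).append(r)
    for question, group in by_question.items():
        statuses = {r["server"]: r["status"] for r in group}
        if len(set(statuses.values())) > 1:
            findings.append(("rcode-mismatch", question, statuses))
        for r in group:
            # Without the aa bit, the negative answer was not given as an
            # authoritative answer by the server that sent it.
            if r["status"] == "NXDOMAIN" and "aa" not in r["flags"]:
                findings.append(("nxdomain-without-aa", question, r["server"]))
    return findings

# Headers trimmed from the two "dig ns test.testdomain.com" outputs in the post.
WINDOWS = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2850
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;test.testdomain.com. IN NS
;; SERVER: 127.0.0.1#53(127.0.0.1)"""
LINUX = """;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3797
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;test.testdomain.com. IN NS
;; SERVER: 127.0.0.2#53(127.0.0.2)"""

if __name__ == "__main__":
    for finding in compare([parse_dig(WINDOWS), parse_dig(LINUX)]):
        print(finding)
```

Run against a primary and its secondaries after each zone change, a check like this surfaces a secondary that answers differently for a delegated name.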